diff options
author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2016-09-22 17:03:15 -0400 |
---|---|---|
committer | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2016-09-22 17:03:15 -0400 |
commit | 168d00f4aacf2f6f792009e0e5049706af43b9e5 (patch) | |
tree | c6e95226cc76ee78b808ae3ef3abc591ec26ac75 | |
parent | 1402e83f1eaf3fed2d958980ee57cb15dfac4f09 (diff) | |
download | mongo-168d00f4aacf2f6f792009e0e5049706af43b9e5.tar.gz |
SERVER-26101 DBDirectClient isn't safe to auth
-rw-r--r-- | jstests/core/evalh.js | 14 | ||||
-rw-r--r-- | src/mongo/scripting/mozjs/mongo.cpp | 2 |
2 files changed, 15 insertions, 1 deletions
diff --git a/jstests/core/evalh.js b/jstests/core/evalh.js new file mode 100644 index 00000000000..1eb928bf47f --- /dev/null +++ b/jstests/core/evalh.js @@ -0,0 +1,14 @@ +/** + * Test that db.eval does not support auth. + */ +(function() { + 'use strict'; + + // The db.auth method call getMongo().auth but catches the exception. + assert.eq(0, db.eval('db.auth("reader", "reader")')); + + // Call the native implementation auth function and verify it does not exist under the db.eval + // javascript context. + assert.throws( function() { db.eval('db.getMongo().auth("reader", "reader")'); }); +})(); + diff --git a/src/mongo/scripting/mozjs/mongo.cpp b/src/mongo/scripting/mozjs/mongo.cpp index 2c887804203..68d6b05719f 100644 --- a/src/mongo/scripting/mozjs/mongo.cpp +++ b/src/mongo/scripting/mozjs/mongo.cpp @@ -52,7 +52,7 @@ namespace mongo { namespace mozjs { const JSFunctionSpec MongoBase::methods[] = { - MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoLocalInfo, MongoExternalInfo), + MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(auth, MongoExternalInfo), MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO(close, MongoExternalInfo), MONGO_ATTACH_JS_CONSTRAINED_METHOD_NO_PROTO( copyDatabaseWithSCRAM, MongoLocalInfo, MongoExternalInfo), |